
CCNA Security 640-554 Certification Tutorial:

IP Spoofing And RFC 3704 / 2827 Filtering

What's Being Spoofed? What's Being Filtered?

Chris Bryant, CCIE #12933

 

ISDN is long gone from Cisco certification exams, but there's a term from the ISDN days that you need to know for your CCNA Security exam ... "spoofing".

When two routers communicate via ISDN, one router is basically making a phone call to another. Obviously, we can't have that call in place all the time or we're going to get a really big phone bill!

Instead, we'd allow the ISDN line to show as "spoofed", so the connecting network would appear in the routing tables but the actual phone call would not be in place.

We don't have to concern ourselves with ISDN spoofing for these exams, but for these exams *and* real-world network security, we have to be familiar with IP spoofing.

Simply put, when a network intruder uses the IP address of a trusted device in order to gain access to your network, that's IP Spoofing.

IP spoofing can be used against your network in several ways:

Injecting a stream of malicious code and/or commands into your network

Tricking legitimate network hosts into sending sensitive data to the attacker

Supporting a reconnaissance attack, an attack that in itself may not be damaging, but is used to gather information for future, more destructive attacks.

One simple and powerful step we can take to stop these attacks is preventing IP packets with certain IP source addresses from being admitted to our network in the first place.

Think about it - if a packet arrives on your network's outside router with a source IP address of 0.0.0.0, is it likely from a legitimate source?

Nope!

So what other source IP addresses should we be concerned about?

Two RFCs define these suspect addresses. The original is RFC 2827, and the updated version is RFC 3704. The latter recommends that you prohibit packets with source IP addresses from the following ranges from entering your network -- and some of these ranges should look familiar!

0.0.0.0/8

10.0.0.0/8 (RFC 1918 Class A private range)

127.0.0.0/8 (loopback address range)

172.16.0.0/12 (RFC 1918 Class B private range)

192.168.0.0/16 (RFC 1918 Class C private range)

224.0.0.0/4 (reserved for IP multicasts)

240.0.0.0/4 (RFC 1918 Class E private range)

Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.

You can also use a combination of encryption techniques such as IPSec, one-time-only passwords, and access lists to defend against spoofing attacks.  The combination you use really depends on your network, but in any case I would use RFC 3704 filtering.

If you place your router into "one-step lockdown", packets sourced from any of these ranges are blocked.

Of course, not all harmful packets will be sourced from these ranges - but blocking these ranges is an excellent step in the right direction!
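To make the filtering decision concrete, here is an added example (not from the tutorial or from Cisco) that checks inbound source addresses against the ranges listed above and emits the equivalent IOS extended ACL. It goes one step beyond the list by also dropping packets that arrive on the outside interface claiming one of your own inside prefixes, which is the other half of RFC 2827 ingress filtering; the inside prefix 203.0.113.0/24, the ACL name and the sample packets are constructed for the example.

```python
import ipaddress
# Source ranges the tutorial lists for RFC 2827/3704 ingress filtering.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this" network
    "10.0.0.0/8",      # RFC 1918 private
    "127.0.0.0/8",     # loopback
    "172.16.0.0/12",   # RFC 1918 private
    "192.168.0.0/16",  # RFC 1918 private
    "224.0.0.0/4",     # multicast
    "240.0.0.0/4",     # reserved
)]

def is_spoofed_source(src, inside_prefixes=()):
    """True if a packet arriving on the OUTSIDE interface should be dropped:
    a listed range, or (per RFC 2827) a source claiming one of our own inside
    prefixes, which cannot legitimately enter from outside."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in BOGON_SOURCES):
        return True
    return any(addr in ipaddress.ip_network(p) for p in inside_prefixes)

def filter_inbound(packets, inside_prefixes=()):
    """Split (src, dst) tuples into (permitted, dropped) lists."""
    permitted, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed_source(pkt[0], inside_prefixes) else permitted).append(pkt)
    return permitted, dropped

def ios_acl_lines(name="RFC3704-IN", inside_prefixes=()):
    """Equivalent Cisco IOS extended ACL, to be applied 'in' on the outside interface."""
    nets = BOGON_SOURCES + [ipaddress.ip_network(p) for p in inside_prefixes]
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip {n.network_address} {n.hostmask} any" for n in nets]
    lines.append(" permit ip any any")  # everything else passes to the next check
    return lines

# Constructed sample: packets seen arriving on the outside interface (src, dst).
SAMPLE = [
    ("0.0.0.0", "203.0.113.10"),
    ("10.1.2.3", "203.0.113.10"),
    ("198.51.100.7", "203.0.113.10"),   # ordinary Internet source
    ("203.0.113.99", "203.0.113.10"),   # claims our own inside prefix
    ("239.1.1.1", "203.0.113.10"),
]

if __name__ == "__main__":
    ok, bad = filter_inbound(SAMPLE, inside_prefixes=["203.0.113.0/24"])
    print("permitted:", ok, "\ndropped:", bad)
    print("\n".join(ios_acl_lines(inside_prefixes=["203.0.113.0/24"])))
```

The generated ACL uses wildcard masks (the inverse of the subnet mask), which is how IOS expresses these ranges; only the first packet from 198.51.100.7 in the sample survives the filter.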
